natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
f9723b1f117a2063cc25f76f4a40632acbda648d
dotfiles/hosts/remilia/services.nix
natto1784 81452ba490 Remilia/services: clean up
2022-03-09 16:20:01 +05:30

114 lines
3.6 KiB
Nix
Executable File
Raw Blame History

{ config, pkgs, lib, ... }:
{
services = {
openssh = {
enable = true;
permitRootLogin = "yes";
ports = [ 22001 22002 ];
};
znc = {
enable = true;
mutable = true;
useLegacyConfig = false;
};
nginx = {
enable = true;
package = (pkgs.nginx.overrideAttrs (oa: {
configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ];
}));
virtualHosts =
let
genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
addSSL = true;
enableACME = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig = ''
proxy_set_header Host $host;
'' + conf;
};
};
in
{
"vault.weirdnatto.in" = genericHttpRProxy { addr = "https://10.55.0.2:8800"; };
"consul.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:8500"; };
"ci.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:6666"; };
"radio.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.3:8000"; };
"git.weirdnatto.in" = genericHttpRProxy {
addr = "http://10.55.0.2:5000";
conf = "client_max_body_size 64M;";
};
"nomad.weirdnatto.in" = genericHttpRProxy {
addr = "http://10.55.0.2:4646";
conf = ''
proxy_buffering off;
proxy_read_timeout 310s;
'';
};
"weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://10.55.0.2:80";
serverAliases = [ "www.weirdnatto.in" ];
};
};
};
vault-agent = {
enable = true;
settings = {
vault = {
address = "https://10.55.0.2:8800";
client_cert = "/var/certs/cert.pem";
client_key = "/var/certs/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Remilia";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Remilia/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
{
source = pkgs.writeText "natto@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia/mail" }}{{ .Data.data.nattomail }}{{ end }}
'';
destination = "/var/secrets/natto@weirdnatto.in.key";
}
{
source = pkgs.writeText "masti@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia/mail" }}{{ .Data.data.mastimail }}{{ end }}
'';
destination = "/var/secrets/masti@weirdnatto.in.key";
}
];
};
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCH975XCps+VCzo8Fpp5BkbtiFmj9y3//FBVYlQ7/yo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0jyHWuWBKzucnARINqQ/A0AFPghxayh0DDthbpOhaz"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFyKi0HYfkgvEDvjzmDRGwAq2z2KOkfv7scTVSnonBh"
];
security.acme = {
acceptTerms = true;
certs = {
"weirdnatto.in".extraDomainNames = lib.singleton "www.weirdnatto.in";
} //
lib.mapAttrs' (n: _: lib.nameValuePair n ({ email = "natto@weirdnatto.in"; })) config.services.nginx.virtualHosts;
};
security.pki.certificateFiles = [ ../../cert.pem ];
}
Reference in New Issue View Git Blame Copy Permalink